7426 matches found
CVE-2010-0744
aMSN aka Alvaro's Messenger 0.98.3 and earlier, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name CN field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof an MSN server via ...
irssi multiple security vulnerabilities
Insufficient SSL certificate and version validation, DoS...
Ubuntu: Security Advisory (USN-929-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
Debian DSA-1946-1 : belpic - cryptographic weakness
It was discovered that belpic, the belgian eID PKCS11 library, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which could be used to bypass the certificate validation. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
Debian DSA-1852-1 : fetchmail - insufficient input validation
It was discovered that fetchmail, a full-featured remote mail retrieval and forwarding utility, is vulnerable to the 'Null Prefix Attacks Against SSL/TLS Certificates' recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a...
Debian DSA-1940-1 : php5 - multiple issues
Several remote vulnerabilities have been discovered in the PHP 5 hypertext preprocessor. The Common Vulnerabilities and Exposures project identifies the following problems : The following issues have been fixed in both the stable lenny and the oldstable etch distributions : - CVE-2009-2687...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
PostgreSQL空字符CA SSL整数校验安全绕过漏洞
Bugraq ID: 37334 CVE ID:CVE-2009-4034 PostgreSQL是一款对象关系型数据库管理系统,支持扩展的SQL标准子集。 处理部分证书字段中嵌入空字符的SSL证书存在错误,攻击者可以利用漏洞伪造证书,进行中间人等攻击。 SSL证书中的空字符可用于伪造客户端或服务端验证,只影响启用了SSL,执行证书名校验或客户端证书验证,而其CA已经被诱骗发布了非法证书的用户。 PostgreSQL PostgreSQL 8.4.1 PostgreSQL PostgreSQL 8.3.8 PostgreSQL PostgreSQL 8.3.6 PostgreSQL...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
Debian: Security Advisory (DSA-1946-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
jruby-openssl Gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...
DSA-1946-1 belpic - cryptographic weakness
Bulletin has no description...
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
------------------------------------------------------------------------ Debian Security Advisory DSA-1940-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 25, 2009 http://www.debian.org/security/faq -...
[SECURITY] [DSA-1940-1] New php5 packages fix several issues
------------------------------------------------------------------------ Debian Security Advisory DSA-1940-1 [email protected] http://www.debian.org/security/ Stefan Fritsch November 25, 2009 http://www.debian.org/security/faq -...
DSA-1940-1 php5 - multiple issues
Bulletin has no description...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
deprecate MD2 in SSL cert validation (Kaminsky)
The Network Security Services NSS library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash...
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass
Exploit for unknown platform in category remote exploits ====================================================================================== Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability...